From 78ff12f828d858aec42f7c72b778adccfb0d2da7 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Fri, 9 Mar 2018 22:53:23 +0100
Subject: [PATCH] Update openshift role to use namespace-local roles

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/openshift/project/templates/appowners.yml      | 4 ++++
 roles/openshift/project/templates/role-appowners.yml | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/roles/openshift/project/templates/appowners.yml b/roles/openshift/project/templates/appowners.yml
index f2b0667853..d7d685635f 100644
--- a/roles/openshift/project/templates/appowners.yml
+++ b/roles/openshift/project/templates/appowners.yml
@@ -5,6 +5,10 @@ metadata:
   name: appowners
 roleRef:
   name: appowner
+{% if env == "staging" %}
+  # See note in role-appowners.yml
+  namespace: "{{app}}"
+{% endif %}
 userNames:
 {% for owner in appowners %}
 - {{ owner }}
diff --git a/roles/openshift/project/templates/role-appowners.yml b/roles/openshift/project/templates/role-appowners.yml
index d8d3b5c499..8db4990a8f 100644
--- a/roles/openshift/project/templates/role-appowners.yml
+++ b/roles/openshift/project/templates/role-appowners.yml
@@ -1,11 +1,16 @@
 apiVersion: v1
+{% if env == "staging" %}
+kind: Role
+{% else %}
 # Namespace-local roles did not work until openshift 3.6
 # https://github.com/openshift/origin/issues/14078
 kind: ClusterRole
+{% endif %}
 metadata:
   annotations:
     openshift.io/description: An application owner. Can view everything but ConfigMaps.
   name: appowner
+  namespace: "{{ app }}"
 rules:
 - apiGroups:
   - ""